Archive for March, 2012

Apache – HTTPS Configuration – Ubuntu

March 2, 2012 Leave a comment

One of my friend wanted to enable SSL for apache, just like Tomcat which I have blogged earlier.

Creating Certificate and Certificate-Key
First lets create a certificate and Key for our Apache webserver.
Lets create directory in /etc/apache2/ssl where is the new directory.

ahmed@ubuntu:/etc/apache2/ssl$ sudo openssl req -new -x509 -days 365 -keyout vhost1.key -out vhost1.crt -nodes -subj '/O=Test India/OU=IT/'

Generating a 1024 bit RSA private key
writing new private key to 'vhost1.key'
ahmed@ubuntu:/etc/apache2/ssl$ ls
vhost1.crt vhost1.key

Once we have the Crt/Key created now lets Add port 443 to our configuration as Apache by default accepts Port 80.

Add information in Port.conf (/etc/apache2/ports.conf)
You will see that we have only NameVirtualHost *:80 and No 443 is available, so add NameVirtualHost *:443 to this like below.

NameVirtualHost *:80
NameVirtualHost *:443
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
<IfModule mod_gnutls.c>
Listen 443

Update – default-ssl information in file path below
ahmed@ubuntu:/etc/apache2/sites-available$ ls
default default-ssl
ahmed@ubuntu:/etc/apache2/sites-available$ pwd

# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateFile /etc/apache2/ssl/vhost1.crt
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateKeyFile /etc/apache2/ssl/vhost1.key

Now lets create a link in the sites-enable directory.

ahmed@ubuntu:/etc/apache2/sites-enabled$ ls -l
total 0
lrwxrwxrwx 1 root root 26 2012-03-01 22:23 000-default -> ../sites-available/default
lrwxrwxrwx 1 root root 30 2012-03-01 22:26 000-default-ssl -> ../sites-available/default-ssl
ahmed@ubuntu:/etc/apache2/sites-enabled$ pwd

Make sure the server is ssl enabled.

ahmed@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
ahmed@ubuntu:/etc/apache2/ssl$ sudo service apache2 restart
* Restarting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName
... waiting .apache2: Could not reliably determine the server's fully qualified domain name, using for ServerName
[ OK ]

Categories: How To